The mission is called Var which we can deduce means we’re going to be working with variables again. As can be seen from the image below, the message reads “Faith is trying to trick you… she knows that you’re tired after all the math works”. To sum up, Faith is going to going to attempt some shinanigans to prevent us from completing this mission. We can test the form with random data to see what happens but as expected, we just get an alert informing us that it is incorrect.
If we inspect the page we can see the script that is powering the functionality. This is where the first deception comes in. If you view the page source instead of inspecting the element, you may not notice that the first variable is being set. The image below shows that the first variable is being set on the far right. It’s probably a bit to small to see though.
However, if we inspect the script you will see that at the very start of the script, we can see that the value ‘
moo‘ is being assigned to the variable ‘
RawrRawr‘. Next, we can see that a function called ‘
x‘ is being created where the value of ‘
hack_this_site‘ is being added to the variable ‘
+RawrRawr+‘. Then again, perhaps it isn’t. If we look at how the ‘
moo‘ is being assigned to ‘
hack_this_site‘ is being compared to ‘
The value of ‘
RawrRawr‘ is still moo, let’s see what the script does next. The script has an if statement that compares ‘
x‘ to an empty value between two speech marks plus the value of ‘
RawrRawr‘. So in essence, the script is checking the value of ‘
x‘ against nothing plus ‘
moo‘ as ‘
moo‘ was set earlier. Therefore, the password to complete the mission should be moo. Input that in to the box and click submit to score.